commit
6482720b29
@ -357,9 +357,9 @@ Options:
|
||||
--rw
|
||||
Mount chroot dir (/) R/W (default: R/O)
|
||||
--user|-u VALUE
|
||||
Username/uid of processess inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times
|
||||
Username/uid of processes inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times
|
||||
--group|-g VALUE
|
||||
Groupname/gid of processess inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times
|
||||
Groupname/gid of processes inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times
|
||||
--hostname|-H VALUE
|
||||
UTS name (hostname) of the jail (default: 'NSJAIL')
|
||||
--cwd|-D VALUE
|
||||
|
2
caps.cc
2
caps.cc
@ -88,7 +88,7 @@ int nameToVal(const char* name) {
|
||||
return cap.val;
|
||||
}
|
||||
}
|
||||
LOG_W("Uknown capability: '%s'", name);
|
||||
LOG_W("Unknown capability: '%s'", name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
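Review bot: The corrected `Unknown capability: '%s'` text is a runtime log string, so any log filter or alert that still matches the old misspelling will silently stop firing once this lands. The same holds for the other reworded messages further down: `Unknown running mode: %d`, `Writing %zu bytes to '%s' failed`, and above all `committed a syscall/seccomp violation and exited with SIGSYS` in seccompViolation, which is the line operators are most likely to alert on. I would add a line to the commit description or release notes such as `Log messages reworded; update patterns matching "Uknown", "Writting" or "commited"`. nameToVal begins outside this hunk, so only the fall-through warning path is visible here.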
@ -77,8 +77,8 @@ struct custom_option custom_opts[] = {
|
||||
{ { "execute_fd", no_argument, NULL, 0x0607 }, "Use execveat() to execute a file-descriptor instead of executing the binary path. In such case argv[0]/exec_file denotes a file path before mount namespacing" },
|
||||
{ { "chroot", required_argument, NULL, 'c' }, "Directory containing / of the jail (default: none)" },
|
||||
{ { "rw", no_argument, NULL, 0x601 }, "Mount chroot dir (/) R/W (default: R/O)" },
|
||||
{ { "user", required_argument, NULL, 'u' }, "Username/uid of processess inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times" },
|
||||
{ { "group", required_argument, NULL, 'g' }, "Groupname/gid of processess inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times" },
|
||||
{ { "user", required_argument, NULL, 'u' }, "Username/uid of processes inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times" },
|
||||
{ { "group", required_argument, NULL, 'g' }, "Groupname/gid of processes inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times" },
|
||||
{ { "hostname", required_argument, NULL, 'H' }, "UTS name (hostname) of the jail (default: 'NSJAIL')" },
|
||||
{ { "cwd", required_argument, NULL, 'D' }, "Directory in the namespace the process will run (default: '/')" },
|
||||
{ { "port", required_argument, NULL, 'p' }, "TCP port to bind to (enables MODE_LISTEN_TCP) (default: 0)" },
|
||||
|
@ -79,7 +79,7 @@ static bool configParseInternal(nsjconf_t* nsjconf, const nsjail::NsJailConfig&
|
||||
nsjconf->mode = MODE_STANDALONE_EXECVE;
|
||||
break;
|
||||
default:
|
||||
LOG_E("Uknown running mode: %d", njc.mode());
|
||||
LOG_E("Unknown running mode: %d", njc.mode());
|
||||
return false;
|
||||
}
|
||||
if (njc.has_chroot_dir()) {
|
||||
|
2
mnt.cc
2
mnt.cc
@ -178,7 +178,7 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
|
||||
return false;
|
||||
}
|
||||
if (!util::writeToFd(fd, mpt->src_content.data(), mpt->src_content.length())) {
|
||||
LOG_W("Writting %zu bytes to '%s' failed", mpt->src_content.length(),
|
||||
LOG_W("Writing %zu bytes to '%s' failed", mpt->src_content.length(),
|
||||
srcpath);
|
||||
close(fd);
|
||||
return false;
|
||||
|
4
nsjail.1
4
nsjail.1
@ -44,10 +44,10 @@ Directory containing / of the jail (default: none)
|
||||
Mount chroot dir (/) R/W (default: R/O)
|
||||
.TP
|
||||
\fB\-\-user\fR|\fB\-u\fR VALUE
|
||||
Username/uid of processess inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times
|
||||
Username/uid of processes inside the jail (default: your current uid). You can also use inside_ns_uid:outside_ns_uid:count convention here. Can be specified multiple times
|
||||
.TP
|
||||
\fB\-\-group\fR|\fB\-g\fR VALUE
|
||||
Groupname/gid of processess inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times
|
||||
Groupname/gid of processes inside the jail (default: your current gid). You can also use inside_ns_gid:global_ns_gid:count convention here. Can be specified multiple times
|
||||
.TP
|
||||
\fB\-\-hostname\fR|\fB\-H\fR VALUE
|
||||
UTS name (hostname) of the jail (default: 'NSJAIL')
|
||||
|
@ -255,7 +255,7 @@ void displayProc(nsjconf_t* nsjconf) {
|
||||
}
|
||||
|
||||
static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
|
||||
LOG_W("pid=%d commited a syscall/seccomp violation and exited with SIGSYS", si->si_pid);
|
||||
LOG_W("pid=%d committed a syscall/seccomp violation and exited with SIGSYS", si->si_pid);
|
||||
|
||||
const auto& p = nsjconf->pids.find(si->si_pid);
|
||||
if (p == nsjconf->pids.end()) {
|
||||
|